I have some queries about the permissions previously used when onboarding a GCP project on Prisma Cloud.
I have given the 5 roles below to the user that is used to onboard the GCP project.
Is there a minimum set of permissions needed to be able to onboard this cloud account?
I hope you can kindly check this.
Please see below my comments on the minimum permissions needed to on-board a GCP cloud account.
On-board the account and select monitor; this will provide the bare minimum permissions.
Please see below the minimum requirements to onboard a GCP cloud account.
Minimum permissions required:
Viewer—Primitive role on GCP.
Prisma Cloud Viewer—Custom role. Prisma Cloud needs this custom role to grant cloud storage bucket permission to read storage bucket metadata and update bucket IAM policies. This role requires storage.buckets.get to retrieve your list of storage buckets, and storage.buckets.getIamPolicy to retrieve the IAM policy for the specified bucket.
Compute Security Admin—Predefined role on GCP. An optional privilege that is required only if you want to enable auto-remediation.
Organization Role Viewer—Predefined role on GCP. This role is required for onboarding a GCP Organization.
Dataflow Admin—Predefined role on GCP. An optional privilege that is required for dataflow log compression using the Dataflow service. See Flow Log Compression on GCP for details.
Folder Viewer—Predefined role on GCP. An optional privilege that is required only if you want to onboard GCP Folder metadata, select specific folders (include or exclude folders), and automatically create account groups based on the folder hierarchy.
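A least-privilege check for the role list above, as an added example that is not part of the original reply or of Prisma Cloud: it compares the roles bound to the onboarding identity against that list. It assumes the policy is in the shape returned by `gcloud projects get-iam-policy --format=json`; the GCP role IDs are the standard IDs for the roles named above, and the member, project and custom role ID are constructed placeholders.

```python
# Added example: audit an onboarding identity's IAM bindings against the
# minimum role list given in the answer above.
REQUIRED = {"roles/viewer"}  # Viewer (primitive role)
# Roles the answer marks as optional/conditional, with the feature that needs them.
OPTIONAL = {
    "roles/compute.securityAdmin": "auto-remediation",
    "roles/iam.organizationRoleViewer": "onboarding a GCP Organization",
    "roles/dataflow.admin": "flow log compression",
    "roles/resourcemanager.folderViewer": "folder metadata and account groups",
}
# Permissions the answer says the custom "Prisma Cloud Viewer" role requires.
CUSTOM_PERMS = {"storage.buckets.get", "storage.buckets.getIamPolicy"}

def roles_for(policy, member):
    """Return the set of roles bound to `member` in an IAM policy dict."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, member, custom_role, custom_role_perms):
    """Classify granted roles as missing, optional (justify each), or excess."""
    granted = roles_for(policy, member)
    required = REQUIRED | {custom_role}
    return {
        "missing": sorted(required - granted),
        "optional": {r: OPTIONAL[r] for r in sorted(granted & set(OPTIONAL))},
        "excess": sorted(granted - required - set(OPTIONAL)),
        "custom_role_missing_perms": sorted(CUSTOM_PERMS - set(custom_role_perms)),
    }

# Constructed sample input (placeholders, not values from the thread).
MEMBER = "serviceAccount:prisma-onboard@example-project.iam.gserviceaccount.com"
CUSTOM_ROLE = "projects/example-project/roles/prismaCloudViewer"  # hypothetical ID
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [MEMBER]},
    {"role": "roles/editor", "members": [MEMBER, "user:admin@example.com"]},
    {"role": "roles/compute.securityAdmin", "members": [MEMBER]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}

def run_sample():
    # The custom role is not bound, and its definition lacks getIamPolicy.
    return audit(SAMPLE_POLICY, MEMBER, CUSTOM_ROLE, ["storage.buckets.get"])

if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

Roles reported under `excess` are candidates for removal, and each entry under `optional` should map to a feature that is actually enabled.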